The Xbot Banking Trojan may threaten Android users around the world

Criminals have created an Android trojan that mimics applications and the Google Play Store payment

system, so they can steal banking credentials and credit card information.

The trojan is capable of mimicking the login pages for different banks, remotely encrypting an infected phone with ransomware, and even intercepting SMS messages. Although Xbot still appears to be in the early stages of development, it is complex and you’ll definitely be hearing about it more in the coming year.

Six of the banks that have been targeted are Australian, but the Xbot trojan is able to adapt, meaning that seen the malware may threaten Android users around the world! However, so far, Xbot’s scope appears to be only Android users in Russia and Australia.

So how does it work? Xbot is designed to lay dormant on your smartphone until you open a banking app. At that point, the malware recognises that a banking app has been launched and it will then launch its own customised interface that looks almost exactly like the original app. Xbot is designed to appear as close to a legitimate app as possible, this is called “activity hijacking.”

The Xbot Trojan will also perform a phishing attach when the Google Play Store application is opened. When you register for the Play Store, you have to provide your credit card information. The information it asks for includes the credit card number, expiration date, CVV number, crad holder’s name, billing address, phone number and the VBV or McSec numbers.

Not only does the Xbot collect the affected users’ SMS messages, but it can also remotely lock infected Android devices, encrypt the user’s files in external storage and then ask for a PayPal cash card as ransom.

At the moment the Xbot trojan is limited, but it will soon expand its scope to other regions, languages and banks. With this in mind, it is vital to always be aware as you may be vulnerable to attack!

The Computer Guyz in Cape Town and Centurion have a wide range of IT services and equipment on offer. Whether it be general IT support and repairs or website design and hosting - contact The Computer Guyz today.